Hi Benoit,

> If "defaultTunnel" is established first and t1 second, the strongSwan
> server receives the traffic from the tunnel t1 but doesn't send back
> packets through it. The traffic seems to always be routed to the
> tunnel "defaultTunnel". If t1 is established first and
> "defaultTunnel" second, it works.
>
> Any ideas why this doesn't work anymore after upgrading? Is there a
> way to ensure this always work regardless of the connection
> establishment order?

The observed behavior is due to a difference between pluto's 4.4.1 kernel interface and charon's kernel interface plugins which pluto uses in 4.5.0. The difference is the calculation of the priorities assigned to policies installed in the kernel. Whereas pluto did include the netmask of the destination net in this calculation, charon did not so far. Thus, the priorities of the policies installed in your case are equal and the kernel obviously chooses the one installed first.

I committed a patch to master [1] which changes the kernel interfaces to include the destination net into the priority calculation.

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=e6f42b07
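
The tie described in the reply above can be reproduced with a small model. This is an added example, not part of the original message and not strongSwan's code: the priority formula, `PRIO_BASE`, the function names and the two selectors are constructed assumptions chosen only to show why leaving the destination prefix out makes install order decide.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT strongSwan's real formula. As with Linux XFRM
 * policies, a lower priority value is preferred. */
#define PRIO_BASE 2000u /* constructed constant */

typedef struct {
    const char *name;
    uint32_t src, dst;        /* network addresses, host byte order */
    uint8_t src_len, dst_len; /* prefix lengths */
} policy_t;

static uint32_t mask(uint8_t len) { return len ? ~0u << (32 - len) : 0; }

/* with_dst == 0 models a calculation that ignores the destination net. */
static uint32_t calc_prio(const policy_t *p, int with_dst)
{
    return PRIO_BASE - p->src_len - (with_dst ? p->dst_len : 0);
}

/* Best matching policy; on equal priority the one installed first
 * (lower index) is kept, the behaviour observed in the thread. */
static const char *lookup(const policy_t *spd, int n, uint32_t src,
                          uint32_t dst, int with_dst)
{
    const policy_t *best = NULL;
    for (int i = 0; i < n; i++) {
        const policy_t *p = &spd[i];
        if ((src & mask(p->src_len)) != p->src ||
            (dst & mask(p->dst_len)) != p->dst)
            continue;
        if (!best || calc_prio(p, with_dst) < calc_prio(best, with_dst))
            best = p;
    }
    return best ? best->name : "none";
}

/* Constructed outbound policies, "defaultTunnel" installed first. */
static const char *route_reply(int with_dst)
{
    static const policy_t spd[] = {
        { "defaultTunnel", 0x0A000000, 0x00000000, 8, 0 },  /* 10.0.0.0/8 -> 0.0.0.0/0 */
        { "t1",            0x0A000000, 0xC0A80100, 8, 24 }, /* 10.0.0.0/8 -> 192.168.1.0/24 */
    };
    /* Reply packet from 10.0.0.5 to 192.168.1.7 */
    return lookup(spd, 2, 0x0A000005, 0xC0A80107, with_dst);
}

int main(void)
{
    printf("source prefix only:   %s\n", route_reply(0));
    printf("source + destination: %s\n", route_reply(1));
    return 0;
}
```

On a live gateway, `ip xfrm policy` lists the installed policies with their `priority` values, which is where equal priorities for overlapping selectors would show up.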